platform/blackroad-os-web
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Pin all GitHub Actions to full commit SHAs (13 files)

Browse Source 
Security compliance - SHA pinning for all actions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Your Name
2026-02-14 23:01:02 -06:00
parent 73e64cae27
commit 64c51ba295
13 changed files with 58 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/auto-deploy.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Detect Service Type - name: Detect Service Type
id: detect id: detect
@@ -48,10 +48,10 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Setup Node - name: Setup Node
uses: actions/setup-node@v4 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
with: with:
node-version: ${{ env.NODE_VERSION }} node-version: ${{ env.NODE_VERSION }}
cache: 'npm' cache: 'npm'
@@ -65,7 +65,7 @@ jobs:
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
- name: Deploy to Cloudflare Pages - name: Deploy to Cloudflare Pages
uses: cloudflare/wrangler-action@v3 uses: cloudflare/wrangler-action@da0e0defe797f585287c6d4b321e6d88e2084cb3
with: with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
@@ -79,7 +79,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Install Railway CLI - name: Install Railway CLI
run: npm i -g @railway/cli run: npm i -g @railway/cli

2
.github/workflows/autonomous-agent.yml vendored
View File

@@ -20,7 +20,7 @@ jobs:
autonomous-build: autonomous-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
fetch-depth: 0 fetch-depth: 0

12
.github/workflows/autonomous-cross-repo.yml vendored
View File

@@ -51,7 +51,7 @@ jobs:
sync_files: ${{ steps.changes.outputs.files }} sync_files: ${{ steps.changes.outputs.files }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
fetch-depth: 2 fetch-depth: 2
@@ -105,12 +105,12 @@ jobs:
steps: steps:
- name: Checkout Source - name: Checkout Source
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
path: source path: source
- name: Checkout Target - name: Checkout Target
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
repository: ${{ matrix.repo }} repository: ${{ matrix.repo }}
path: target path: target
@@ -195,12 +195,12 @@ jobs:
steps: steps:
- name: Checkout Source - name: Checkout Source
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
path: source path: source
- name: Checkout Target - name: Checkout Target
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
repository: ${{ matrix.repo }} repository: ${{ matrix.repo }}
path: target path: target
@@ -266,7 +266,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Analyze Dependencies - name: Analyze Dependencies
id: deps id: deps

8
.github/workflows/autonomous-dependency-manager.yml vendored
View File

@@ -43,7 +43,7 @@ jobs:
security_issues: ${{ steps.security.outputs.count }} security_issues: ${{ steps.security.outputs.count }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Detect Package Managers - name: Detect Package Managers
id: detect id: detect
@@ -86,10 +86,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Setup Node - name: Setup Node
uses: actions/setup-node@v4 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
with: with:
node-version: '20' node-version: '20'
@@ -199,7 +199,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5

14
.github/workflows/autonomous-issue-manager.yml vendored
View File

@@ -46,7 +46,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: AI Analysis - name: AI Analysis
id: ai id: ai
@@ -104,7 +104,7 @@ jobs:
echo "labels=$LABELS" >> $GITHUB_OUTPUT echo "labels=$LABELS" >> $GITHUB_OUTPUT
- name: Apply Labels - name: Apply Labels
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const aiLabels = '${{ steps.ai.outputs.labels }}'.split(',').filter(l => l); const aiLabels = '${{ steps.ai.outputs.labels }}'.split(',').filter(l => l);
@@ -156,7 +156,7 @@ jobs:
} }
- name: Welcome Response - name: Welcome Response
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const labels = '${{ steps.keywords.outputs.labels }}'.split(',').filter(l => l); const labels = '${{ steps.keywords.outputs.labels }}'.split(',').filter(l => l);
@@ -203,7 +203,7 @@ jobs:
steps: steps:
- name: Find Stale Issues - name: Find Stale Issues
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const staleDays = parseInt('${{ env.STALE_DAYS }}'); const staleDays = parseInt('${{ env.STALE_DAYS }}');
@@ -282,7 +282,7 @@ jobs:
steps: steps:
- name: Check for Existing Issue - name: Check for Existing Issue
id: check id: check
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
// Search for existing issue about this workflow // Search for existing issue about this workflow
@@ -299,7 +299,7 @@ jobs:
} }
- name: Create or Update Issue - name: Create or Update Issue
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const workflowName = '${{ github.event.workflow_run.name }}'; const workflowName = '${{ github.event.workflow_run.name }}';
@@ -355,7 +355,7 @@ jobs:
steps: steps:
- name: Generate Statistics - name: Generate Statistics
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
// Get all issues // Get all issues

18
.github/workflows/autonomous-orchestrator.yml vendored
View File

@@ -68,7 +68,7 @@ jobs:
memory_context: ${{ steps.memory.outputs.context }} memory_context: ${{ steps.memory.outputs.context }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -201,7 +201,7 @@ jobs:
build_result: ${{ steps.build.outputs.result }} build_result: ${{ steps.build.outputs.result }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Setup Environment - name: Setup Environment
run: | run: |
@@ -301,7 +301,7 @@ jobs:
severity: ${{ steps.scan.outputs.max_severity }} severity: ${{ steps.scan.outputs.max_severity }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run Security Scanners - name: Run Security Scanners
id: scan id: scan
@@ -360,7 +360,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -389,7 +389,7 @@ jobs:
echo "AI Review: $REVIEW" echo "AI Review: $REVIEW"
- name: Post Review Comment - name: Post Review Comment
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const testResult = '${{ needs.test-and-build.outputs.test_result }}'; const testResult = '${{ needs.test-and-build.outputs.test_result }}';
@@ -470,7 +470,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Determine Deploy Target - name: Determine Deploy Target
id: target id: target
@@ -567,7 +567,7 @@ jobs:
done done
- name: Auto-Respond - name: Auto-Respond
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const labels = '${{ steps.analyze.outputs.labels }}'.split(',').filter(l => l); const labels = '${{ steps.analyze.outputs.labels }}'.split(',').filter(l => l);
@@ -599,7 +599,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Update Dependencies - name: Update Dependencies
run: | run: |
@@ -642,7 +642,7 @@ jobs:
done done
- name: Health Report - name: Health Report
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const healthScore = '${{ needs.analyze.outputs.health_score }}'; const healthScore = '${{ needs.analyze.outputs.health_score }}';

14
.github/workflows/autonomous-self-healer.yml vendored
View File

@@ -49,7 +49,7 @@ jobs:
fix_strategy: ${{ steps.strategy.outputs.approach }} fix_strategy: ${{ steps.strategy.outputs.approach }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Get Failed Run Logs - name: Get Failed Run Logs
id: logs id: logs
@@ -138,12 +138,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
ref: ${{ github.event.workflow_run.head_branch || github.ref }} ref: ${{ github.event.workflow_run.head_branch || github.ref }}
- name: Setup Node - name: Setup Node
uses: actions/setup-node@v4 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
with: with:
node-version: '20' node-version: '20'
@@ -185,7 +185,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
ref: ${{ github.event.workflow_run.head_branch || github.ref }} ref: ${{ github.event.workflow_run.head_branch || github.ref }}
@@ -231,7 +231,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
ref: ${{ github.event.workflow_run.head_branch || github.ref }} ref: ${{ github.event.workflow_run.head_branch || github.ref }}
@@ -293,7 +293,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: with:
ref: ${{ github.event.workflow_run.head_branch || github.ref }} ref: ${{ github.event.workflow_run.head_branch || github.ref }}
@@ -315,7 +315,7 @@ jobs:
- name: Create Issue for Manual Review - name: Create Issue for Manual Review
if: needs.diagnose.outputs.fixable == 'maybe' if: needs.diagnose.outputs.fixable == 'maybe'
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const failureType = '${{ needs.diagnose.outputs.failure_type }}'; const failureType = '${{ needs.diagnose.outputs.failure_type }}';

2
.github/workflows/blackroad-auto-merge.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
steps: steps:
- name: 📥 Checkout Repository - name: 📥 Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: 🔍 Get PR Details - name: 🔍 Get PR Details
id: pr id: pr

10
.github/workflows/blackroad-codeql-analysis.yml vendored
View File

@@ -29,10 +29,10 @@ jobs:
steps: steps:
- name: 📥 Checkout Repository - name: 📥 Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: 🔍 Initialize CodeQL - name: 🔍 Initialize CodeQL
uses: github/codeql-action/init@v3 uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
# Auto-build for compiled languages # Auto-build for compiled languages
@@ -40,12 +40,12 @@ jobs:
queries: +security-and-quality queries: +security-and-quality
- name: 🏗️ Autobuild - name: 🏗️ Autobuild
uses: github/codeql-action/autobuild@v3 uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f
# Only needed for compiled languages like Java, C++, C#, Go, Swift # Only needed for compiled languages like Java, C++, C#, Go, Swift
# For JavaScript and Python, CodeQL analyzes without building # For JavaScript and Python, CodeQL analyzes without building
- name: 🔒 Perform CodeQL Analysis - name: 🔒 Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3 uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f
with: with:
category: "/language:${{matrix.language}}" category: "/language:${{matrix.language}}"
@@ -61,7 +61,7 @@ jobs:
- name: 📝 Create Issue on Failure - name: 📝 Create Issue on Failure
if: failure() if: failure()
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
const issue = await github.rest.issues.create({ const issue = await github.rest.issues.create({

4
.github/workflows/deploy.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
name: Deploy to Cloudflare Pages name: Deploy to Cloudflare Pages
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Brand Compliance Check - name: Brand Compliance Check
run: | run: |
@@ -46,7 +46,7 @@ jobs:
- name: Add deployment comment - name: Add deployment comment
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
github.rest.issues.createComment({ github.rest.issues.createComment({

12
.github/workflows/security-scan.yml vendored
View File

@@ -25,18 +25,18 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v3 uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v3 uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3 uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f
dependency-scan: dependency-scan:
name: Dependency Scan name: Dependency Scan
@@ -44,12 +44,12 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run npm audit - name: Run npm audit
if: hashFiles('package.json') != '' if: hashFiles('package.json') != ''
run: npm audit --audit-level=moderate || true run: npm audit --audit-level=moderate || true
- name: Dependency Review - name: Dependency Review
uses: actions/dependency-review-action@v4 uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3571e89a4315193b17
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'

8
.github/workflows/self-healing.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Check Health - name: Check Health
id: health id: health
@@ -48,7 +48,7 @@ jobs:
- name: Create Issue on Failure - name: Create Issue on Failure
if: failure() if: failure()
uses: actions/github-script@v7 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with: with:
script: | script: |
github.rest.issues.create({ github.rest.issues.create({
@@ -65,11 +65,11 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Setup Node - name: Setup Node
if: hashFiles('package.json') != '' if: hashFiles('package.json') != ''
uses: actions/setup-node@v4 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
with: with:
node-version: '20' node-version: '20'

2
.github/workflows/trinity-compliance.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Check Trinity Structure - name: Check Trinity Structure
run: | run: |